gitolite禁止访问主分支上的目录，但不允许在用户分支上访问 [英] gitolite disallow access for directory on master branch but not on user branch

问题描述

请考虑以下回购：

REPO / src / A /

REPO / src / B /

是否有可能只有1个回购实施以下限制？

1. 在master分支上，允许完全访问维护者角色


2. 在主分支上，不允许访问A，但允许B贡献者角色。个人分支机构，允许A和B完全访问创作者。
使用Gitolite V3 < a href =http://sitaramc.github.com/gitolite/g3why.html =nofollow noreferrer>或g3及其 VREF ，应该可以实现这些限制。




但是你可以访问管理仅用于写访问。

如果用户可以克隆回购，他/她将可以读取所有回购（如）。

如果你真的想要限制读取权限，您可以尝试 gitolite'部分复制'。





几注：





• VREF可用于限制按目录/文件名推送 a>。


• 我在这里使用 角色 ，而不是用户组：您需要设置所述用户单独的权限。


• Personnal分行此处介绍 。






访问规则类似于：



 < permission> <零个或更多个refexes> =<一个或多个用户/用户组> 
  

<零或多个refexes> 表示你的罐子可以组合refexes





这会给出类似于（未测试）的结果：



 repo REPO 
 RW + master = MAINTAINER 
  - 主VREF / NAME / A =贡献者
 RW主VREF / NAME / B =贡献者
 RW personal / USER / VREF / NAME / A = CREATOR 
 RW personal / USER / VREF / NAME / B = CREATOR 
  




Consider the following repo:

REPO/src/A/

REPO/src/B/

Is it possible by having only 1 repo to implement the following restrictions?

1. On master branch, allow full access to maintainers role
2. On master branch, disallow access to A but allow for B to contributors role.
3. On personal branches, allow full access to A and B to creators.

解决方案

With Gitolite V3 or 'g3' and its VREF, it should be possible to implement those restrictions.

But the access you can manage is only for write-access.
If a user can clone a repo, he/she will have read-access to all the repo (as mentioned in "gitolite: allow to change only selelected files").
If you really want to limit read-access, you might try gitolite 'partial-copy'.

Few notes:

• VREF can be used for restricting pushes by dir/file name.
• I use here the notion of role, not group of users: you need to set the permission separately for said users.
• Personnal branches are described here.

An access rule is like:

<permission> <zero or more refexes> = <one or more users/user groups>

<zero or more refexes> means your can combines refexes

That would give something like (not tested):

repo REPO
        RW+  master                     =   MAINTAINER
        -    master         VREF/NAME/A =   CONTRIBUTOR
        RW   master         VREF/NAME/B =   CONTRIBUTOR
        RW   personal/USER/ VREF/NAME/A =   CREATOR
        RW   personal/USER/ VREF/NAME/B =   CREATOR

这篇关于gitolite禁止访问主分支上的目录，但不允许在用户分支上访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！